joomla
[6.0] Pass default User-Agent header for for http requests
Pull Request for Issue #46295.
Summary of Changes
After migrating to the Framework HTTP package, some Joomla HTTP requests are sent without a User-Agent header, which can cause servers or firewalls to block them (e.g., during extension updates). This PR resolves the issue by ensuring Joomla’s default User-Agent is applied to these requests.
Testing Instructions
This PR makes change to different part of our code base, it will require carefully code review and approve from at least one maintainer
There are some important areas which needs to be tested:
-
Use Joomla 6.0.1
-
Apply patch from this PR
-
Test update Joomla: Change You Joomla update to use this custom update server: https://artifacts.joomla.org/drone/joomla/joomla-cms/6.0-dev/46553/downloads/89844/pr_list.xml , then run the update and make sure it is updated properly
-
Test extension update: Install an old version of the extension, for example Akeeba backup 10.0.4 https://www.akeeba.com/download/akeeba-backup/10-0-4.html , then try to update to latest version of the extension uses Joomla updater and make sure it is still working
-
Test change to Languages model: Access to System - Manage - Languages, click on Install Languages button, make sure there is no error on the next page which display list of languages.
Would be great if you can also test the behavior of the following plugins, but not required
- Test GET Request scheduled task type (I personal tested it)
- Test System - Joomla! Statistics plugin (I also tested it)
- Test Multi-factor Authentication - YubiKey plugin. This one I never used or understand how it works, so I could not test it.
Actual result BEFORE applying this Pull Request
Some http requests sent from Joomla without User-Agent header
Expected result AFTER applying this Pull Request
All http requests sent from Joomla contains User-Agent header
Link to documentations
Please select:
-
[ ] Documentation link for docs.joomla.org:
-
[x] No documentation changes for docs.joomla.org needed
-
[ ] Pull Request link for manual.joomla.org:
-
[x] No documentation changes for manual.joomla.org needed
@SniperSister There are some changes to TUF related code which I do not understand the internal yet. I'm unsure if test update Joomla use Custom update server cover it or not. Could you please help reviewing to make sure it is OK, thanks.
@joomdonation
Too much code duplication, it's better to keep using framework HTTP class but keep \Joomla\CMS\Http\HttpFactory which will auto-inject header by default (like in current 6.0.1)? CMS factory should be just rewritten a bit.
It's normal to use framework package but have CMS-specific factory which will resolve HTTP class with CMS-specific options.
@AlterBrains Thanks for your feedback and Yes, I agree with you that there is too much code duplication and that should be improved. However :
- If we modify code of CMS http factory to return framework http object, I haven't checked but I expect there would be difference between http from framework with the one from CMS, so we will have the risk with b/c break
- To be safe, I proposed to introduce a new method getHttpClient which return http object from framework, with default userAgent auto-injected. That would work. But @HLeithner suggested that we explode the idea of pushing http factor to container and then inject it automatically to model/controller when it is needed. That would take more time to implement, review and testing, so not suitable for a bug fix release
So think about this PR as a bugs fix to avoid these http requests being blocked by WAF as described in original issue due to missing user-agent. And then we will have to more to implement a proper solution in 6.1
There are some changes to TUF related code which I do not understand the internal yet. I'm unsure if test update Joomla use Custom update server cover it or not. Could you please help reviewing to make sure it is OK, thanks.
LGTM
